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PRELIMINARY AMENDMENT 



Dear Sir: 



Prior to examining this patent application, please enter the following amendments and 
consider the following remarks. 



In the Claims 



Please cancel claims 1-31 without prejudice or disclaimer of the subject matter recited 



therein. 
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Please add the following claims: 

32. A method of processing a packet comprising: 

matching one or more characteristics of said packet with one or more access control 

specifiers in at least one access control element; and 
processing said packet based on said matching. 

33. The method of claim 32, wherein said access control element is a content 
addressable memory. 



34. The method of claim 32, wherein said matching and said processing is done in 



parallel. 



35. The method of claim 32, wherein said characteristics of said packet comprises 
one or more of a source address, a destination address, a source port, a destination port, a 
protocol type, an input interface and an output interface. 

36. The method of claim 32, wherein said characteristics of said packet comprises 
data carried by said packet in a packet header. 

37. The method of claim 32, further comprising: 
receiving said packet. 

38. The method of claim 32, further comprising: 

identifying one or more of said access control specifiers based on said matching. 

39. The method of claim 37, further comprising: 

prioritizing said one or more of said access control specifiers identified based on said 
matching to generate a set of prioritized access control specifiers. 

40. The method of claim 39, wherein said prioritizing is done in parallel by a 
priority encoder. 
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41 . The method of claim 39, wherein said prioritizing is done based on an address 
of said access control specifiers in said access control element. 

42. The method of claim 39, wherein said processing is done based on said set of 
prioritized access control specifiers. 

43. The method of claim 32, wherein said processing further comprising: 
if said packet requires processing by a higher-level processor, 

forwarding said packet to said higher-level processor. 

44. The method of claim 32, further comprising: 
if said packet requires dropping, 

dropping said packet. 

45. The method of claim 32, further comprising: 
if said packet requires forwarding, 

forwarding said packet. 

46. A system for processing a packet comprising: 

an access control element, wherein said access control element is configured to store 
one or more access control specifiers; and 

a priority encoder coupled to said access control element, wherein said priority 

encoder is configured to prioritize in parallel said one or more access control 
specifiers matched with one or more characteristics of said packet. 

47. The system of claim 46, wherein said priority encoder is further configured to 
prioritize said one or more access control specifiers matched with said one or more 

characteristics of said packet according to an address of said one or more 
access control specifiers in said access control element. 



849839 vl 



-3- 



LAW OFFICES OF 
SKJERVEN MORRILL 
MACPHERSONllp 

25 METRO DRIVE 
SUITE 700 
SAN JOSE, CA 95110 

(408) 453-9200 
FAX (408) 453-7979 



48. The system of claim 46, further comprising: 

a compare unit coupled to said access control unit, wherein said compare unit is 

configured to compare said one or more characteristics of said packet with one 
or more values. 

49. The system of claim 48, wherein said one or more values are predetermined. 

50. The system of claim 48, wherein said one or more values are dynamically 
determined. 

51. The system of claim 48, wherein said compare unit is further configured to 
perform arithmetic operation on data carried by said packet in a packet header. 

52. The system of claim 48, wherein said compare unit is further configured to 
perform logical operation on said data carried by said packet in said packet header. 

53. The system of claim 46, wherein said access control element further 
comprising: 

an access control memory. 

54. The system of claim 53, wherein said access control memory is a content- 
addressable memory. 

55. The method of claim 53, wherein said access control memory stores at least 
one of said access control specifier. 

56. The system of claim 53, wherein said access control specifier further 
comprising: 

a label match mask configured to determine whether a first corresponding bit of said 

one or more characteristics of said packet is tested; and 
a label match pattern, wherein said label match pattern is compared with a second 

corresponding bit of said one or more characteristics of said packet. 



849839 vl 



-4- 



57. The system of claim 46, further comprising: 

a processor, coupled to said access control element, said processor is configured to 
process said packet when said packet is not processed by said access control 
element. 
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58. The system of claim 46, further comprising: 

at least one input port coupled to said access control element, wherein said input port 

is configured to receive said packet; and 
at least one output port coupled to said access control element, wherein said packet is 

forwarded via said out put port. 

59. A system for processing a packet comprising: 

means for matching one or more characteristics of said packet with one or more access 

control specifiers in at least one access control element; and 
means for processing said packet based on said matching. 

60. The system of claim 59, wherein said access control element is a content 
addressable memory. 



61 . The system of claim 59, wherein said matching and said processing is done in 



parallel. 



62. The system of claim 59, wherein said characteristics of said packet comprises 
one or more of a source address, a destination address, a source port, a destination port, a 
protocol type, an input interface and an output interface. 

63. The system of claim 59, wherein said characteristics of said packet comprises 
data carried by said packet in a packet header. 

64. The system of claim 59, further comprising: 
means for receiving said packet. 
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65. The system of claim 59, further comprising: 

means for identifying one or more of said access control specifiers based on said 
matching. 

66. The system of claim 64, further comprising: 

means for prioritizing said one or more of said access control specifiers identified 

based on said matching to generate a set of prioritized access control specifiers. 

67. The system of claim 66, wherein said prioritizing is done in parallel by a 
priority encoder. 

68. The system of claim 66, wherein said prioritizing is done based on an address 
of said access control specifiers in said access control element. 

69. The system of claim 66, wherein said processing is done based on said set of 
prioritized access control specifiers. 

70. The system of claim 59, wherein said processing further comprising: 

means for forwarding said packet to said higher-level processor if said packet requires 
processing by a higher-level processor. 

7 1 . The system of claim 59, further comprising: 

means for dropping said packet if said packet requires dropping. 

72. The system of claim 59, further comprising: 

means for forwarding said packet if said packet requires forwarding. 
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73 . A system comprising: 

means for maintaining a set of access control patters in at least one associative 
memory; 

means for receiving a packet label responsible to a packet, said packet label being 
sufficient to perform access control processing for said packet; 

means for matching matchable information, said matchable information being 

responsible to said packet label, with said set of access control patterns in 
parallel; 

means for generating a set of matches in response thereto, each said match having 

priority information associated therewith; 
means for selecting at least one of said matches in response to said priority 

information, and generating an access result in response to said at least one 

selected match; and 
means for making a routing decision in response to said access result. 

74. The system of claim 73 further comprising: 
means for choosing a first one of said matches. 

75. The system of claim 73, further comprising: 
means for determining an output interface for said packet. 

76. The system of claim 73, further comprising: 
means for implementing a quality of service policy. 

77. The system of claim 73, further comprising: 
means for permitting or denying access for said packet. 

78. The system of claim 73, further comprising: 

means for making a preliminary routing decision for said packet. 



79. The method of claim 73, further comprising: 

means for determining at least one output interface for said packet. 
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80. The system of claim 73, further comprising: 
means for preprocessing said packet label; and 
means for generating said matchable information. 



81 . The system of claim 79, further comprising: 

means for performing one or more of an arithmetic, logical, and comparison operation 

on said packet label; and 
means for generating a bit string for said matchable information in response to said 

arithmetic, logical, and comparison operation. 

82. The system of claim 73, further comprising: 

means for comparing a field of said packet label with an arithmetic range or mask 
value. 

83. The system of claim 73, further comprising: 

means for comparing a source IP port value or a destination IP port value with a 
selected port value. 

84. The system of claim 32, further comprising: 

means for postprocessing said selected match to generate said access result. 

85. The system of claim 73, further comprising: 

means for accessing a memory in response to a bitstring included in said selected 
match. 

86. The system of claim 73, further comprising: 

means for declaring whether to permit or deny access of a set of packets. 

87. The system of claim 73, further comprising: 

means for receiving said sequence of access control specifiers; 

means for translating said sequence of access control specifiers into said sequence of 

access control patterns; and 
means for storing said sequence of access control patterns in said associative memory. 
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88. The system of claim 73, further comprising: 

means for generating a single one of said access control patterns in response to a 
plurality of said access control specifiers. 

89. The system of claim 73 , further comprising: 

means for generating a single one of said access control patterns in response to a 
plurality of said access control specifiers. 
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REMARKS/CONCLUSION 

In view of the amendments and remarks set forth herein, the application is believed to 
be in condition for allowance and a notice to that effect is solicited. In light of the foregoing 
amendments and remarks, applicants submit that all claims are now in condition for 
allowance, and an early notice to that effect is earnestly solicited. Nonetheless, should any 
issues remain that might be subject to resolution through a telephonic interview, the Examiner 
is requested to telephone the undersigned. 

Attached hereto is a marked-up version of the changes made to the specification and 
claims by the current amendment. The attached page is captioned "Version With Markings 
To Show Changes Made." 



EXPRESS MAIL LABEL NO: 
EV 047 534 Oil US 



Respectfully submitted, 




Abdul R. Zindanr 



Attorney for Applicant 
Reg. No. 46,091 
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VERSION WITH MARKINGS TO SHOW CHANGES MADE 



Claims 1-31 were cancelled. 

32. A method of processing a packet comprising: 

matching one or more characteristics of said packet with one or more access control 

specifiers in at least one access control element; and 
processing said packet based on said matching. 

33. The method of claim 32. wherein said access control element is a content 
addressable memory. 

34. The method of claim 32, wherein said matching and said processing is done in 
parallel. 

35. The method of claim 32. wherein said characteristics of said packet comprises 
one or more of a source address, a destination address, a source port, a destination port, a 
protocol type, an input interface and an output interface. 

36. The method of claim 32, wherein said characteristics of said packet comprises 
data carried by said packet in a packet header. 

37. The method of claim 32. further comprising: 
receiving said packet. 

38. The method of claim 32, further comprising: 

identifying one or more of said access control specifiers based on said matching. 

39. The method of claim 37, further comprising: 

prioritizing said one or more of said access control specifiers identified based on said 
matching to generate a set of prioritized access control specifiers. 

40. The method of claim 39. wherein said prioritizing is done in parallel bv a 
priority encoder. 
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41 . The method of claim 39, wherein said prioritizing is done based on an address 
of said access control specifiers in said access control element. 



42. The method of claim 39, wherein said processing is done based on said set of 
prioritized access control specifiers. 

43. The method of claim 32, wherein said processing further comprising: 
if said packet requires processing by a higher-level processor, 

forwarding said packet to said higher-level processor. 

44. The method of claim 32, further comprising: 



one or more access control specifiers; and 
a priority encoder coupled to said access control element, wherein said priority 

encoder is configured to prioritize in parallel said one or more access control 
specifiers matched with one or more characteristics of said packet. 

47. The system of claim 46, wherein said priority encoder is further configured to 
prioritize said one or more access control specifiers matched with said one or more 

characteristics of said packet according to an address of said one or more 

access control specifiers in said access control element. 




45. The method of claim 32, further comprising: 
if said packet requires forwarding, 
forwarding said packet. 



if said packet requires dropping, 
dropping said packet. 



y 



46. A system for processing a packet comprising: 

an access control element, wherein said access control element is configured to store 
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48. The system of claim 46, further comprising: 

a compare unit coupled to said access control unit, wherein said compare unit is 

configured to compare said one or more characteristics of said packet with one 
or more values, 

49. The system of claim 48, wherein said one or more values are predetermined. 

50. The system of claim 48, wherein said one or more values are dynamically 
determined. 



5 1 . The system of claim 48, wherein said compare unit is further configured to 
perform arithmetic operation on data carried by said packet in a packet header. 

52. The system of claim 48, wherein said compare unit is further configured to 
perform logical operation on said data carried by said packet in said packet header. 

53. The system of claim 46, wherein said access control element further 
comprising: 

an access control memory. 

54. The system of claim 53, wherein said access control memory is a content- 
addressable memory. 



55. The method of claim 53, wherein said access control memory stores at least 
one of said access control specifier. 



56. The system of claim 53, wherein said access control specifier further 
comprising: 

a label match mask configured to determine whether a first corresponding bit of said 
one or more characteristics of said packet is tested; and 

a label match pattern, wherein said label match pattern is compared with a second 
corresponding bit of said one or more characteristics of said packet. 
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57. The system of claim 46, further comprising: 

a processor, coupled to said access control element, said processor is configured to 
process said packet when said packet is not processed by said access control 
element. 

58. The system of claim 46, further comprising: 

at least one input port coupled to said access control element, wherein said input port 

is configured to receive said packet; and 
at least one output port coupled to said access control element, wherein said packet is 

forwarded via said out put port. 

59. A system for processing a packet comprising: 

means for matching one or more characteristics of said packet with one or more access 

control specifiers in at least one access control element: and 
means for processing said packet based on said matching. 

60. The system of claim 59, wherein said access control element is a content 
addressable memory. 

61 . The system of claim 59, wherein said matching and said processing is done in 
parallel. 

62. The system of claim 59, wherein said characteristics of said packet comprises 
one or more of a source address, a destination address, a source port, a destination port, a 
protocol type, an input interface and an output interface. 

63. The system of claim 59, wherein said characteristics of said packet comprises 
data carried by said packet in a packet header. 

64. The system of claim 59, further comprising: 
means for receiving said packet. 
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65. The system of claim 59, further comprising: 

means for identifying one or more of said access control specifiers based on said 
matching. 



66. The system of claim 64, further comprising: 

means for prioritizing said one or more of said access control specifiers identified 

based on said matching to generate a set of prioritized access control specifiers 



67. The system of claim 66, wherein said prioritizing is done in parallel by a 
priority encoder. 



68. The system of claim 66, wherein said prioritizing is done based on an address 
of said access control specifiers in said access control element. 



69. The system of claim 66, wherein said processing is done based on said set of 
prioritized access control specifiers. 

70. The system of claim 59, wherein said processing further comprising: 

means for forwarding said packet to said higher-level processor if said packet requires 
processing by a higher-level processor. 

71 . The system of claim 59, further comprising: 

means for dropping said packet if said packet requires dropping. 

72. The system of claim 59, further comprising: 

means for forwarding said packet if said packet requires forwarding. 
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73 . A system comprising: 

means for maintaining a set of access control patters in at least one associative 
memory; 

means for receiving a packet label responsible to a packet, said packet label being 
sufficient to perform access control processing for said packet; 

means for matching matchable information, said matchable information being 

responsible to said packet label, with said set of access control patterns in 
parallel; 

means for generating a set of matches in response thereto, each said match having 

priority information associated therewith; 
means for selecting at least one of said matches in response to said priority 

information, and generating an access result in response to said at least one 

selected match; and 
means for making a routing decision in response to said access result. 

74. The system of claim 73 further comprising: 
means for choosing a first one of said matches. 

75. The system of claim 73, further comprising: 
means for determining an output interface for said packet. 

76. The system of claim 73, further comprising: 
means for implementing a quality of service policy. 

77. The system of claim 73, further comprising: 
means for permitting or denying access for said packet. 

78. The system of claim 73, further comprising: 

means for making a preliminary routing decision for said packet. 



79. The method of claim 73, further comprising: 

means for determining at least one output interface for said packet. 
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80. The system of claim 73, further comprising: 
means for preprocessing said packet label; and 
means for generating said matchable information. 

8 1 . The system of claim 79, further comprising: 

means for performing one or more of an arithmetic, logical and comparison operation 

on said packet label; and 
means for generating a bit string for said matchable information in response to said 

arithmetic, logical, and comparison operation. 

82. The system of claim 73, further comprising: 

means for comparing a field of said packet label with an arithmetic range or mask 
value. 

83. The system of claim 73, further comprising: 

means for comparing a source IP port value or a destination IP port value with a 
selected port value. 

84. The system of claim 32, further comprising: 

means for postprocessing said selected match to generate said access result. 

85. The system of claim 73, further comprising: 

means for accessing a memory in response to a bitstring included in said selected 
match. 

86. The system of claim 73, further comprising: 

means for declaring whether to permit or deny access of a set of packets. 

87. The system of claim 73, further comprising: 

means for receiving said sequence of access control specifiers; 

means for translating said sequence of access control specifiers into said sequence of 

access control patterns: and 
means for storing said sequence of access control patterns in said associative memory. 
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88. The system of claim 73, farther comprising: 

means for generating a single one of said access control patterns in response to a 
plurality of said access control specifiers. 

89. The system of claim 73. further comprising: 

means for generating a single one of said access control patterns in response to a plurality of 

said access control specifiers. 
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